tarekma7
Update: Babuk Locker is the first new enterprise ransomware of 2021
It's a new year, and with it comes a new ransomware called Babuk Locker that targets corporate victims in human-operated attacks.

Babuk Locker is a new ransomware operation that launched at the beginning of 2021 and has since amassed a small list of victims from around the world.
From ransom negotiations with victims seen by BleepingComputer, demands range from $60,000 to $85,000 in Bitcoin.

How the Babuk Locker encrypts devices
Each Babuk Locker executable analyzed by BleepingComputer has been customized on a per-victim basis to contain a hardcoded extension, ransom note, and a Tor victim URL.

According to security researcher Chuong Dong who also analyzed the new ransomware, Babuk Locker's coding is amateurish but includes secure encryption that prevents victims from recovering their files for free.

"Despite the amateur coding practices used, its strong encryption scheme that utilizes Elliptic-curve Diffie–Hellman algorithm has proven effective in attacking a lot of companies so far," Dong stated in his report.

When launched, the threat actors can use a command-line argument to control how the ransomware should encrypt network shares and whether they should be encrypted before the local file system. The command-line arguments that control this behavior are listed below:

Code:
-lanfirst
-lansecond
-nolan

Once launched, the ransomware will terminate various Windows services and processes known to keep files open and prevent encryption. The terminated programs include database servers, mail servers, backup software, mail clients, and web browsers.

When encrypting files, Babuk Locker will use a hardcoded extension and append it to each encrypted file, as shown below. The current hardcoded extension used for all victims so far is .__NIST_K571__.
[Image: W5ZTRJM.jpg]

Continue reading HERE
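As an added example (not code from the original post or the BleepingComputer article), a small Python triage script that applies the two indicators quoted above, the documented command-line switches and the hardcoded extension, to constructed process-creation events and a constructed file listing; the JSON event shape and all sample values are assumptions.

```python
"""Triage helpers for the two Babuk Locker indicators quoted above (added example,
not the article's code). Event shape and all sample values are constructed."""
import json
from typing import Iterable

BABUK_SWITCHES = {"-lanfirst", "-lansecond", "-nolan"}  # documented command-line switches
BABUK_EXTENSION = ".__NIST_K571__"                       # hardcoded extension seen so far

# Constructed Sysmon-Event-1-like records (assumed shape; not real telemetry).
SAMPLE_EVENTS = [
    '{"Image": "C:\\\\Windows\\\\System32\\\\svchost.exe", "CommandLine": "svchost.exe -k netsvcs"}',
    '{"Image": "C:\\\\Users\\\\Public\\\\update.exe", "CommandLine": "update.exe -lanfirst"}',
    '{"Image": "C:\\\\Users\\\\Public\\\\update.exe", "CommandLine": "UPDATE.EXE -NoLan"}',
    '{"Image": "C:\\\\Tools\\\\netscan.exe", "CommandLine": "netscan.exe --lan-first"}',
]

# Constructed listing of a file share after an incident.
SAMPLE_FILES = [
    r"\\fileserver\finance\q4.xlsx.__NIST_K571__",
    r"\\fileserver\finance\budget.docx",
    r"\\fileserver\hr\payroll.csv.__nist_k571__",
    r"\\fileserver\hr\notes.txt",
]


def flag_babuk_processes(events: Iterable[str]) -> list[dict]:
    """Return events whose arguments contain a Babuk switch. Tokens after the image
    name are compared exactly and case-insensitively, so look-alike switches of
    other tools (e.g. '--lan-first') are not reported."""
    hits = []
    for raw in events:
        ev = json.loads(raw)
        tokens = ev.get("CommandLine", "").split()
        matched = sorted({t.lower() for t in tokens[1:]} & BABUK_SWITCHES)
        if matched:
            hits.append({"image": ev.get("Image"), "switches": matched})
    return hits


def find_encrypted_files(paths: Iterable[str]) -> list[str]:
    """Return paths carrying the hardcoded extension (case-insensitive)."""
    return [p for p in paths if p.lower().endswith(BABUK_EXTENSION.lower())]


def encrypted_ratio(paths: list[str]) -> float:
    """Fraction of listed files already renamed, to gauge how far encryption got."""
    return len(find_encrypted_files(paths)) / len(paths) if paths else 0.0


if __name__ == "__main__":
    print(flag_babuk_processes(SAMPLE_EVENTS))
    print(find_encrypted_files(SAMPLE_FILES), encrypted_ratio(SAMPLE_FILES))
```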